CVE-2020-6564

Published: Sep 21, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

Affected (7)

Products: Debian: Debian Linux · Fedoraproject: Fedora · Google: Chrome · +1 more

Show all products

Debian: Debian Linux · Fedoraproject: Fedora · Google: Chrome · Opensuse: Backports Sle, Leap

1 product

1 product

1 product

2 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Fedoraproject Fedora	Version 33
Google Chrome	Before 85.0.4183.83
Opensuse Backports Sle	Version 15.0 sp1
Opensuse Backports Sle	Version 15.0 sp2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html

Source: chrome-cve-admin@google.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html

Source: chrome-cve-admin@google.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html

Source: chrome-cve-admin@google.com

Third Party Advisory

https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html

Source: chrome-cve-admin@google.com

Vendor Advisory

https://crbug.com/841622

Source: chrome-cve-admin@google.com

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT/

Source: chrome-cve-admin@google.com

https://www.debian.org/security/2021/dsa-4824

Source: chrome-cve-admin@google.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://crbug.com/841622

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2021/dsa-4824

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.